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REMARKS 

In view of the following remarks. Applicants respectfully request 
reconsideration and allowance of the subject application. Claims 11-17 are canceled 
without prejudice. Claims 1, 3 and 6 are currently amended. Claims 2, 4, 5 and 7-10 
are original. Claims 18-27 are new. Claims 1-10 and 18-27 are pending. 

The S103 Rejections 

Applicants submit that the Office has failed to establish a prima facie case of 
obviousness and respectfully traverse the Officers rejections of Claim 1-10. 
However, before discussing the substance of the Office's rejection a section entitled 
"The §103 Standard" is provided and will be used in addressbg the Office's 
rejections. Following this section, a discxission of the disclosure and teachings of the 
relied upon references is provided. 

The 8103 Standard 

To establish a prima facie case of obviousness, three basic criteria mtisi be met 
First, there must be some suggestion or motivation, either in the references themselves 
or in the knowledge generally available to one of ordinary skill in the art, to modify 
the reference or to combine reference teachings. In re Jones, 958 F.2d 347, 21 
USPQ2d 1941 (Fed Cir. 1992); In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed Cir. 
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1988). Second, there must be a reasonable expectation of success. In re Merck & 
Co., Inc., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir, 1986). Finally, the prior art 
reference (or references when combined) must teach or suggest all the claim 
limitations. In re Royka, 490 F.2d 981, 180 USPQ 580 (CCPA 1974). 

Hence, when patentability turns on the question of obviousness, the search for 
and analysis of the prior art includes evidence relevant to the finding of whether there 
is a teaching, motivation, or suggestion to select and combine or modify the 
references relied on as evidence of obviousness. The need for specificity pervades 
this authority. See, e.g.. In re Kotzab, 217 F,3d 1365, 1371, 55 USPQ2d 1313, 1317 
(Fed. Cir. 2000) ("particular findings must be made as to the reason the skilled artisan, 
with no knowledge of the claimed invention, would have selected these components 
for combination in the manner claimed"). 

The Gutman Reference 

Generally, Gutman discloses a technique for integrating authentication 
authorization and accoimting service and proxy service for internet service provides 
(ISP) that support wholesale and retail users. See: Title; Abstract; and Col. 1, line 14 
through col. 2, line 63. In operation, Gutman teaches that the proxy server of an ISP 
receives a network address request from a user. The proxy server parses the network 
access request for an identification of the user's domain. If the user's domain 
corresponds to that of the ISP, the network access request is routed to the 

leeOhsyeSpnc 509'324.925e 9ofl9 ATTORNEY DOCKET NO. MS 1.2578US 

RESPONS5 TO OFFICE ACTION DATED: JUNE 22, 2005 APPUCATION NO. 09/4S0.199 



PAGE 12/22 ' RCVD AT 11I22/200S 5:14:34 PM [Eastern Standard Inne] ' SVR:USPTO-EFXRF-6/32 * DNIS:273S300 * CSID:15093238979' DURATION (mni-ss):05-36 



NOU 22 2005 14:19 FR 00 



15093238979 TO 15712738300 P. 13/^ 



Authentication, Authorization and Accounting (AAA) server of the ISP. If the user's 
domain does not correspond to that of the ISP, the network access request is proxyed 
out to the AAA server in the user's domain, at an address and port specified in a 
domain identification entry maintained in a database by the ISP. The appropriate 
AAA server then authenticates the user and indicates the user's authorization to 
access the network. See: col. 10, lines 32-62; col. 1, lines 41-45; and col. 1. line 62 

through col. 2, line 10. 

Thus, the focus of Gutman's disclosure is a technique for securely routing the 
network access request of a user to the appropriate AAA server based upon the user's 
domain. 

The Vu Reference 

Generally, Vu discloses a technique for providing an internetwork security 
gateway. In operation, Vu teaches that the gateway provides for communication 
between a client and a requested host by coordinating communication between two 
distinct but interdependent communication sessions. Upon receiving a request from a 
user to communicate with a host, the gateway imitates the host in a first 
communication session with the client. If the client is determined to have access right 
to the host, the gateway imitates the client in a second communication session with 
the host. See: Abstract; and col. 5, lines 16-30. 
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Thus, the focus of Vu's disclosure is a technique for providing a transparent 
firewall between a client and a remote host, without revealing the client's address to 
the remote host. 

The Higlev Reference 

Generally, Higley discloses a technique for allowing a source to obtain the 
rights of a target object to access one or more objects in a distributed directory. In 
operation, Higley teaches that the source logs into a distributed directory as a source 
object. Having logged in as the source object, the source obtains the access rights of 
the source object, including the authorization to access the target object and to modify 
the authentication data of the target object. The source then generates new 
authentication data, such as a random password and a new private/public key pair. 
Thereafter, the source accesses the target object by using the rights of the source 
object. The source accesses the target object to modify the authentication data of the 
target to include the new authentication data. Modifying the authentication data of the 
target enables the source to obtain the access right of the target object. Thus, the 
source may log into the distributed directory using the new authentication data and 
obtaining the access right of the target object. Thereafter, the source becomes a proxy 
for the target object and thereby obtains the access rights of the target object. See: 
Abstract; and col. 5, line 26 through col. 6, line 24. 
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Thus, the focus of Higley's disclosure is a technique for obtaining the access 
rights of a target object by allowing the source to modify the authentication data of 
the target object. 

The Subramaniam Reference 

Generally, Subramaniam discloses a technique for providing secure access to a 
network from an external client- In operation, Subramaniam teaches that the request 
for access to confidential data is redirected from a target server to a boarder server. 
After being redirected to a boarder server, a secure socket layer connection between 
the boarder server and the external client is utilized to carry user authentication 
information. Thereafter, the access request may be redirected back to the original 
target server. Subramaniam fiirther teaches that web pages sent from the target server 
to the external client are scanned for non-secure uniform resource locators, which are 
then modified to maintain use of the secure socket layer coimection. See: Abstract; 
and col. 14, line 50 through coL 16, line 15, 

Thusi the focus of Subramaniam's disclosure is a technique for securely 
authenticating an external client and then modifying the non-secure content of 
communications between the network and the external client to maintain a secure 
communication link. 
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Response to the 6103 Rejections 

Claims 1 and 2 stand rejected under 35 U.S.C. § 103 a$ being obvious in view 
of the combination of U.S. Patent No. 6,298,383 to Gutman and U.S. Patent No. 
5,623,601 to Vu, In response, the Applicants respectfully traverse the rejection. 

Claim 1, as amended, recites a method of enabling a proxy client in a secured 
network to access a target service on behalf of a user, comprising the steps of: 

• registering proxy authorization information regarding the user with a trusted 
security server, the proxy authorization information identifying the proxy 
client and an extent of proxy authorization granted the proxy client by the 
user; 

• submitting, by the proxy client, a proxy request to the trusted security server 
requesting access to the target service on behalf of the user; 

• comparing, by the tmstcd security server, the proxy request with the registered 
proxy authorization information of the user to determine whether to grant the 
proxy request; 

• issuing, by the trusted security service, a data structure containing 
authentication data recognizable by the target service for authenticating the 
proxy client for accessing the target service on behalf of the user, if it is 
determined to grant the proxy request. 
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Gutman does not teach or suggest "registering proxy authorization information 
regarding the user with a trusted security server, the proxy authorizatjon information 
identifying the proxy client and an extent of prox v authorization granted the proxy 
rAient bv the user ." Instead, Gutman discloses transferring authentication of the user 
from the ISP to the owner of the user (e.g., the ISP or the user's domain) at col. 1. 
lines 41-45. At col. 1 line 41 through col. 2 line 4, Gutman discloses a specific 
implementation of transferring authentication of the user from the ISP's proxy server 
to the Authentication, Authorization and Accounting (AAA) server in the user's 
domain (e.g., Coip A). Specifically, the network access request from a user is parsed 
for an identification of the user's domain. The network access request is proxyed to 
an AAA service in the user's domain at an address and port as specified in a domain 
identification entry. 

As part of proxying out the authentication transaction, the AAA server 
provisions an IP address or a pool identifier of an IP address pool from which an IP 
address needs to be allocated for the ISP to use. The ISP maintains infonnation (e.g., 
domain identification entries), such as supported domain names, the IP address to 
which the proxy authentication transaction is to be sent, and the port number to which 
the proxy authentication transaction is to be sent. The IP address provisioned by the 
AAA server and the domain identification entries maintained by the ISP are utilized 
by the ISP for authenticating the user (col. 2, lines 6-10) and granting access to the 
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user to access the network (col. 2, lines 2-4). Accordingly, the infonnation grants 
access to the user not the proxy server of the ISP. 

Thus, Gutman does not teach or suggest "registering proxy authorization 
infonnation regarding the user with a trusted security server, the proxy authorization 
information identifying the nroxv client and an extent of proxy authorization grante d 
the proxy client bv the user ." Furthermore, Vu has not been shown to teach or suggest 
"registering proxy authorization information regarding the user with a trusted security 
server, the proxy authorization infonnation identifying the proxy client and an extent 
of proxy authorization granted tiie proxy client by the user." Applicants therefore 
respectfully submit that Claim 1 is patentable over, Gutman, Vu and the combination 
thereof. Accordingly, Apphcants request that the § 103(a) rejection of Claim 1 be 
withdrawn and Claim 1 be allowed. 

Claim 2 is dependent upon Claim 1 and incorporates all the limitations of 
Claim 1. Accordingly, Claim 2 is allowable by virtue of its dependency on respective 
base Claim I, as well as the additional elements it recites. Applicants therefore 
request that the § 103(a) rejection of Claim 2 be withdrawn and Claim 2 be allowed 

Claims 3-8 and 10 stand rejected under 35 U.S.C. § 103 as being obvious in 
view of the combination of U.S. Patent No. 6,298,383 to Gutman, U.S. Patent No. 
5,623,601 to Vu and U.S. Patent No. 5,913,025 to Higley. In response, the Apphcants 
respectfully traverse the rejection. 
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Claims 3, 4 and 5 are dependent upon Claim 1 and incorporates all the 
limitation of Claim 1. As shown above, independent Claim 1 is patentable over 
Gutman, Vu and the combination thereof. Furthermore, Higley does not teach or 
suggest the claimed combination of elements of independent Claim 1 as discussed 
above. Accordingly, Claims 3, 4 and 5 arc also allowable by virtue of their 
dependency on Claim 1, as well as the additional elements they recite. Applicants 
therefore respectfully request that the § 103(a) rejection of Claims 3, 4 and 5 be 
withdrawn and Claims 3, 4 and 5 be allowed. 

Claim 6, as amended, recites a computer-readable medium having computer- 
executable instruction for a trusted security server to perform the steps: 

• storing proxy authorization information from a user for authorizing a proxy 
client to act as a proxy of the user, the proxy authorization information 
identifying an extent of proxy authorization granted the proxy client by 
the user; 

• receiving a proxy request from the proxy client to access a target service on 
behalf of the user; 

• determining, based on the stored proxy authorization information of the 
user, whether to grant the proxy request; 
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• constructing a data structure containing authentication data recognizable by 
the target service for authenticating the proxy chent for accessing the target 
service on behalf of the user, if it is determined to grant the proxy request 

Gutman does not teach or suggest "storing proxy authorization information 
from a user for authorizing a proxy client to act as a proxy of the user, the proxy 
authorization infnmiation jcWitifving an extent of proxy authorization wrantef^ th^ 
proxy client bv the user .** Instead, those skilled in the art appreciated that Gutman 
suggests storing authorization information regarding the user. Specifically, Gutman 
discloses that the AAA server in the user's domain stores an IP address associated 
with the user, at col. 1, line 65 through col. 2, line 2. Furthermore, Gutman discloses 
that the ISP grants the user access to the network based upon the reply it gets back 
from the AAA server, at col, 2 lines 2-4. To be able to do this, the ISP server 
maintains information such as supported domain names of networks that the user can 
have access to, the IP address to which the authentic ation transaction is to be sent to, 
and the port number on the AAA server to which the authentication transaction is to 
be addressed, at col. 2, lines 6-10. The IP address provisioned by the AAA server and 
the domain identification entries maintained by the ISP are utilized by the ISP for 
authenticating the user (col. 2, lines 6-10) and prantine acce ss to the user to access the 
network (col. 2, lines 2-4). Accordingly, the information grants access to the user not 
the proxy server of the ISP. 
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Thus, Gutman does t)ot teach or suggest "storing proxy authorization 
information from a user for authorizing a proxy client to act as a proxy of the user, M 
proxy authorization informat i on identifying an extent of proxy authorization granted 
thP. proxy client by the user .'* Furthermore, neither Vu nor Higley have been shown to 
teach or suggest "storing proxy authorization information from a user for authorizing 
a proxy client to act as a proxy of the user, the proxy authorization information 
identifying an extent of proxy authorization granted the proxy client by the user." 
Applicants therefore respectfully submit that Claim 6 is patentable over Gutman, Vu, 
Higley and the combination thereof Accordingly, Applicants request that the § 103(a) 
rejection of Claim 6 be withdrawn and Claim 6 be allowed. 

With respect to Claims 7, 8 and 10, it is noted that independent Claim 6 is 
patentable over Gutman, Vu, Higley and the combination thereof for the above- 
advanced reasons. Consequently, Claims 7. 8 and 10 are also allowable by virtue of 
their dependency on Qaim 6, as well as the additional elements they recite. 
Applicants therefore respectfully request that the §103(a) rejection of Qaims 7, 8 and 
10 be withdrawn and Claim 7, 8 and 10 be allowed. 

Claim 9 stands rejected under 35 U.S.C. § 103 as being obvious in view of the 
combination of U.S. Patent No. 6,298,383 to Gutman, U.S. Patent No. 5,623,601 to 
Vu, U.S. Patent No. 5,913,025 to Higley and U.S. Patent No. 6,081,900 to 
Subramaniara. In response, the Applicant respectfully traverses the rejection. 
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Claim 9 is dependent upon Claim 6 and incorpotates all the limitation of 
Claim 6. As shown above, independent Claim 6 is patentable over Gutman, Vu, 
Higley and the combination thereof. Furthemiore, Subramanian has not been shown 
to teach or suggest the claimed combination of the elements of independent Claim 6 
as discussed above. Accordingly, Claim 9 is also allowable by virtue of its 
dependency on Claim 6, as well as the additional elements it recites. 

New Claims 

New Claims 18-27 are provided for examination. Applicant believes that 
these claims are allowable over the prior art of record. 

Conclusion 

Applicants submit that the pending claims are in condition for allowance and 
respectfully requests that this application be allowed and forwarded on to issuance. 

Respectfully Submitted, 




Reg, No. 46,274 
Attorney for Applicants 
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Spokane, Washington 99201 
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leeOhayes pile S09*324«9256 I 
JifiSPONSE TO OFFICE ACTION DATED: JU?^ 22. 2005 



19of 19 



ATTORNEY DOCKET NO. MS1-2378US 
APPLICATION NO. 09/4<)0,l99 



PAGE 2202 ^ RCVD AT 1 1I22/200S 5:1 4:34 PM [Eastern Standard Tiin^^ 



